签署大会然后禁用大会验证 [英] Signing An Assembly Then Disabling the Verification of the Assembly

问题描述

我有一个程序集，例如SomeDLL.dll.为了保护篡改，我已经使用VS-2010的对程序集签名"功能对其进行了签名.
然后，我在项目中引用了它，但它不起作用，并抛出了一些与验证有关的错误.然后，我使用以下命令禁用了验证:
sn -Vr SomeLL.dll.

我的问题是在使用上述命令禁用验证后，此签名是否仍然有效?

谢谢.

I have an assembly, for example SomeDLL.dll. I have signed it using the "Sign the assembly" functionality of the VS-2010 in order to protect tampering.
Then, I have referenced it in a project and it did not work and throws some error related to verification. Then, I have disabled the verification using the command of:
sn -Vr SomeLL.dll.

My question is after I have disabled the verification using the above command, does this signing still effective?

Thank you.

推荐答案

您只能跳过验证(使用-Vr来简化开发).但这不是您的目的.您报告了一个问题.因此，如果您确实需要强名(我强烈建议您应该始终对您部署到开发计算机以外的任何地方的所有内容进行签名)，那么问题又会再次出现.请查看我对问题的评论并回答我的问题.也许我可以看到您在哪里弄糟了以及如何解决它们.但首先，请阅读以下内容.

您几乎不需要跳过验证.通常，如果选择以下原则之一或它们的组合，则可以使用已签名的程序集开发解决方案，而不会出现任何问题:1)您应将所有生成程序集的项目放入解决方案中，并按项目引用它们；即:使用窗口添加参考"的项目"选项卡.这是引用程序集的最佳方法:运行时引用将在运行时创建；项目引用不包含密钥令牌，添加或更改签名时将对引用进行适当的修改，因为此信息是从项目文件而不是程序集元数据中获取的. 2)您可以通过程序集的可执行模块文件来引用程序集(使用同一窗口的浏览..."选项卡)，但是在这种情况下，您应该在对程序集进行引用之前对其进行签名.

如果您已经无法遵循上面列出的规则，则可以通过重新引用有问题的程序集来解决此问题.只需从引用项目中删除引用即可，这会给您带来麻烦，然后再次添加相同的引用.再说一次，最好选择项目中的参考程序集，最好将其保留在相同的解决方案中. 无需跳过签名验证.

—SA

You can only skip verification (with -Vr) to simplify development. But this is not your purpose. You reported a problem. So, if you really need strong names (and I strongly suggest you should always sign everything you ever deploy anywhere beyond your development machine), you problem well pop up again. Please see my comment to the question and answer my question. Perhaps I could see where do you screw up things and how to fix them. But first, please read below.

You almost never need to skip verification. Normally, you can develop your solution with signed assemblies without any problems if you choose one of the following principles or their combination: 1) You should put all the projects producing assemblies in on solution and references them by projects; that is: use the tab "Projects" of the window "Add Reference". This is the best way to reference your assemblies: the run-time references will be created on the fly; the project references do not contain key tokens, the references will be modified appropriately when you add or change signatures, as this information is taken from the project files, not from assembly meta-data. 2) You can reference assemblies by their executable module files (using "Browse…" tab of the same window), but in this case you should sign the assemblies before referencing them.

If you already failed to follow the rules listed above, you can fix the problem by re-referencing assemblies in question. Just remove a reference from the referencing project which gives you some trouble and add the same reference again. Then again, prefer reference assemblies by projects which you should better keep in the same solution. There is no need in skipping of signature verification.

—SA

这篇关于签署大会然后禁用大会验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！